SirsiDynix e-Library 3.5.x - Cross-Site Scripting

SirsiDynix e-Library 3.5.x - Cross-Site Scripting Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting CVE: CVE-2018-20503 Date: 2019-24-01 Google Dork: inurl:/x/x/0/49 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://www.sirsidynix.c...

The vulnerability of the Oracle One-to-One Fulfillment component (OCM Query) within the Oracle E-Business Suite automation system, which allows a perpetrator to modify protected information.

The vulnerability of the Oracle One-to-One Fulfillment OCM Query component of the Oracle E-Business Suite automation system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to modify protected information using the HTTP protocol...

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows attackers to modify sensitive information or cause service failures.

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to modify protected information or cause service failures...

The vulnerability of the Security component of the Oracle Retail Xstore Payment software allows a perpetrator to modify protected information or cause service failures.

The vulnerability of the Security component of the Oracle Retail Xstore Payment software lies in deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to modify protected information or cause service failures using the HTTP protocol...

Unspecified Vulnerability in Oracle Retail Applications Retail Xstore Payment

Oracle Retail Applications is a set of retail applications store solutions from Oracle Corporation. Retail Xstore Payment is one of the retail service payment components. An unspecified vulnerability exists in Oracle Retail Applications Retail Xstore Payment. An attacker could exploit this...

Unspecified Vulnerability in Oracle Enterprise Manager Products Suite (CNVD-2019-37391)

Oracle Enterprise Manager Products Suite is a set of Oracle's on-premise management platform. Application Testing Suite is one of the application testing components. A security vulnerability exists in the Application Testing Suite component of Oracle Enterprise Manager Products Suite. An attacker...

Unspecified Vulnerability in Oracle Java SE Java Advanced Management Console

Oracle Java SE is Oracle's suite of standard edition Java platforms for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. java Advanced Management Console is one of the Java Advanced Management Console components for creating...

CVE-2019-2549

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications subcomponent: Logoff Page. The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2019-2550

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications subcomponent: Logoff Page. The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2019-2540

Vulnerability in the Java Advanced Management Console component of Oracle Java SE subcomponent: Server. The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVE-2019-2533

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Security : Privileges. Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serve...

CVE-2019-2497

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: Messages. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVE-2019-2496

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: Messages. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVE-2019-2485

Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite subcomponent: Administration. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker...

CVE-2019-2463

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2019-2487

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite subcomponent: UI Infrastructure. Supported versions that are affected are 6.3.7, 6.4.1, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HT...

CVE-2019-2491

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite subcomponent: Message Display. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with...

CVE-2019-2489

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: OCM Query. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access...

CVE-2019-2492

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite subcomponent: Message Display. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with...

CVE-2019-2452

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromis...